登录Spring Securty时用户帐户被锁定 [英] User account is locked when signing in Spring Securty

查看:429
本文介绍了登录Spring Securty时用户帐户被锁定的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我遵循了本指南 Spring boot security + JWT 为了了解如何使用Spring Boot安全性和jwt保护应用程序的安全,我正在调用/authenticate api来测试登录功能.

I followed this guide Spring boot security + JWT in order to learn how to secure an application using spring boot security and jwt and i am calling the /authenticate api to test login functionality. 

@PostMapping(value = "/authenticate")
public ResponseEntity<?> createAuthenticationToken(@RequestBody User authenticationRequest) throws Exception {
    authenticate(authenticationRequest.getUsername(), authenticationRequest.getPassword());
    final UserDetails userDetails = userDetailsService
            .loadUserByUsername(authenticationRequest.getUsername());
    final String token = jwtTokenUtil.generateToken(userDetails);
    return ResponseEntity.ok(new JwtResponse(token));
}
private void authenticate(String username, String password) throws Exception {
    try {
        authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, password));
    } catch (DisabledException e) {
        throw new Exception("USER_DISABLED", e);
    } catch (BadCredentialsException e) {
        throw new Exception("INVALID_CREDENTIALS", e);
    }
}

我正在使用邮递员调用json中传递用户名和密码的api:

I am using postman to call the api passing username and password in json :

{
"username":"user",
"password":"pass"}

AuthenticationManager.authenticate抛出用户被锁定

AuthenticationManager.authenticate is throwing User is Locked

我对UserDetails的实现直接在用户实体上,而不是最佳实践上,但是我现在没有更好的主意,也许我应该拥有某种实现的DTO,并将其作为createAuthenticationToken的参数()

My implementation of UserDetails is directly on a User Entity, not the best practices but i didnt have a better idea for how to do it now, maybe i should have some kind of DTO that implements is and have it as argument to createAuthenticationToken()

这些是UserDetails中的替代方法:

These are the overriden methods comming from UserDetails:

    @Override
public boolean isAccountNonExpired() {
    return false;
}

@Override
public boolean isAccountNonLocked() {
    return false;
}

@Override
public boolean isCredentialsNonExpired() {
    return false;
}

感谢您的帮助.

推荐答案

false 表示该用户已被锁定.您应从该方法中返回 true 以便不锁定该用户.

false means the user is locked.You should return true from the method for the user to be not locked.

这篇关于登录Spring Securty时用户帐户被锁定的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆